I work for a University and have been tasked with converting from Shibboleth to WSO2IS. I am struggling with Claims and SAML2 Assertions.
I would like to be able to transform claims in WSO2IS. For instance if a SP expects birthDate in the format of '03-May-1979' and another one expects birthDate in the format of '05/03/1979', as far as I can tell there is no way to do that without having separate LDAP attributes and claims.
I would also like to be able to compute claims. For example, if a SP wants an age, and I know a birthDate, could I compute the age and send it as an assertion? Or could I combine multiple LDAP attributes to create a new claim? LDAP GivenName + SurName = FullName.
Ideally, I'd like to be able to use JavaScript as an embedded language to make these kinds of computations and transformations.
Is this currently possible or on the roadmap?
I have created a sample Custom Claim Handler[1]. Go through the code[2] and you should be able to figure out what I have done :).
I have added a README on how to deploy this on IS 5.3.0.
[1] https://github.com/mefarazath/CustomClaimHandler
[2] https://github.com/mefarazath/CustomClaimHandler/blob/master/src/main/java/com/wso2/sample/claim/handler/CustomClaimHandler.java
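The transformations asked about in the question, written as plain Java that a custom claim handler could apply to the claim map before returning it. This is an added example, not code from the linked repository; the claim URIs, the `age` claim, the service provider names and the ISO storage format of the birth date are assumptions.

```java
import java.time.LocalDate;
import java.time.Period;
import java.time.format.DateTimeFormatter;
import java.time.format.DateTimeParseException;
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;

public class ClaimTransformExample {
    // Claim URIs, the "age" claim and the SP names are assumptions for this example.
    static final String NS = "http://wso2.org/claims/";
    static final Map<String, DateTimeFormatter> SP_DATE_FORMAT = new HashMap<>();
    static {
        SP_DATE_FORMAT.put("sp-one", DateTimeFormatter.ofPattern("dd-MMM-yyyy", Locale.ENGLISH));
        SP_DATE_FORMAT.put("sp-two", DateTimeFormatter.ofPattern("MM/dd/yyyy", Locale.ENGLISH));
    }
    // Builds the claims released to one SP; the stored map is not modified.
    static Map<String, String> transform(String sp, Map<String, String> stored, LocalDate today) {
        Map<String, String> out = new HashMap<>(stored);
        String raw = out.remove(NS + "dob"); // the stored form is never passed through as-is
        DateTimeFormatter fmt = SP_DATE_FORMAT.get(sp);
        try {
            // The user store is assumed to hold the birth date as ISO yyyy-MM-dd.
            LocalDate dob = (raw == null) ? null : LocalDate.parse(raw.trim());
            if (dob != null && !dob.isAfter(today)) {
                if (fmt != null) out.put(NS + "dob", dob.format(fmt));
                out.put(NS + "age", String.valueOf(Period.between(dob, today).getYears()));
            }
        } catch (DateTimeParseException e) {
            // Malformed directory data: release neither birth date nor age.
        }
        String given = stored.get(NS + "givenname");
        String last = stored.get(NS + "lastname");
        if (given != null && last != null) {
            out.put(NS + "fullname", given.trim() + " " + last.trim());
        }
        return out;
    }

    public static void main(String[] args) {
        Map<String, String> stored = new HashMap<>(); // constructed sample user
        stored.put(NS + "dob", "1979-05-03");
        stored.put(NS + "givenname", "Ada");
        stored.put(NS + "lastname", "Lovelace");
        for (String sp : new String[] {"sp-one", "sp-two", "unknown-sp"}) {
            System.out.println(sp + " -> " + transform(sp, stored, LocalDate.of(2017, 6, 1)));
        }
    }
}
```

A service provider with no configured format receives no birth date at all, and a service provider that only needs the age can be given the computed value in place of the full date.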
Related
I want to integrate plotly Dash with my web app. I have data regarding a user like
leads found
meeting done
orders found
and other details of users per company.
So I want to pass the company_id and user_id and then get the report for only the specific user. He can filter between dimension or anything but he can't see the data for other users. What I found online is mostly a full dashboard. Is there an option to pass parameters in the api call, and then pass the data to plotly DASH and generate graph?
Please provide any resources if possible.
Not sure but maybe try to give the port:
https://example.com:5000/api/hello
I'm using WSO2 Identity Server 5.3.0 and several LDAP user stores.
I need to integrate AWS as a service provider and WSO2 IS as identity provider.
The situation is: I have lots of users stored in the user stores and some of them have specific roles that should be allowed to login to AWS service. So far I don't have the possibility to alter / update the current user stores.
That's why I'm trying to figure out a way to populate / generate / translate / calculate the value of a claim based on an already stored attribute in the user store.
I have a sort of table with the groups coming from LDAP's memberOf attribute a user could belong to and their equivalences to AWS attributes that should be stored in specific claims in order for AWS to allow that user to enter certain services.
The end user is willing to solve this situation within the WSO2 IS component without altering the stores content.
I'm wondering if the only way to do this is writing a custom User Store Manager or a Custom Claim Handler [1] to deal with this particular situation or there is a more standard way to accomplish this.
I will appreciate any input, thanks in advance.
[1] http://pushpalankajaya.blogspot.ca/2014/07/adding-custom-claims-to-saml-response.html
I think Claim Handler is the right place to implement your logic. You can find a sample in https://github.com/mefarazath/CustomClaimHandler
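The group-to-role translation described in the question, as plain Java that a claim handler could call with the user's `memberOf` values. This is an added example, not code from the linked repository; the group DNs, the AWS account ID, and the role and provider names are constructed placeholders.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;

public class AwsRoleClaimExample {
    // Attribute AWS reads role entitlements from in a SAML assertion.
    static final String AWS_ROLE_ATTR = "https://aws.amazon.com/SAML/Attributes/Role";

    // Constructed table: normalized group DN -> "role ARN,SAML provider ARN".
    // Account ID, group DNs, role and provider names are placeholders.
    static final Map<String, String> GROUP_TO_ROLE = new HashMap<>();
    static {
        String idp = ",arn:aws:iam::111122223333:saml-provider/ExampleIdP";
        GROUP_TO_ROLE.put("cn=aws-admins,ou=groups,dc=example,dc=org",
                "arn:aws:iam::111122223333:role/Admin" + idp);
        GROUP_TO_ROLE.put("cn=aws-readonly,ou=groups,dc=example,dc=org",
                "arn:aws:iam::111122223333:role/ReadOnly" + idp);
    }

    // Lower-cases the DN and drops whitespace around the RDN separators
    // (a simplification: escaped commas inside values are not handled).
    static String normalize(String dn) {
        return dn.trim().toLowerCase(Locale.ROOT).replaceAll("\\s*,\\s*", ",");
    }

    // Maps memberOf values to AWS role values. Only an exact match on the whole DN
    // counts; unknown groups map to nothing, so the default is no AWS access.
    static List<String> awsRoles(List<String> memberOf) {
        List<String> roles = new ArrayList<>();
        for (String dn : memberOf) {
            String role = GROUP_TO_ROLE.get(normalize(dn));
            if (role != null && !roles.contains(role)) roles.add(role);
        }
        return roles;
    }

    public static void main(String[] args) {
        List<String> memberOf = Arrays.asList( // constructed memberOf values
                "CN=AWS-Admins, OU=Groups, DC=example, DC=org",
                "cn=aws-admins,ou=students,dc=example,dc=org", // same CN, other OU: ignored
                "cn=staff,ou=groups,dc=example,dc=org");
        System.out.println(AWS_ROLE_ATTR + " = " + awsRoles(memberOf));
    }
}
```

Matching on the full DN rather than on the CN or a substring keeps a similarly named group in another OU from being translated into an AWS role.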
I am using wso2 Identity Server and creating custom claims in it. In a specific use case I need two claims to replicate the same value.
So while creating a user, if I have given "1234" to claim http://wso2.org/claims/store1/id1 then claim http://wso2.org/claims/store2/id2 should also have "1234".
Is there any way possible to achieve this?
One way to achieve this is to overwrite a method in the user store manager. There you can put your custom logic to save and get claims.
I am working on wso2is4.6.
I am new to wso2is. Maybe this is a stupid question, but I am still blocked.
The first question: when there are multiple claim dialects in the system, which claim dialect will be used? Which conditions will make the system choose this dialect instead of another dialect?
The second question: I installed wso2is4.6, and installed apacheds 2.0 with defaults (no customization). Where can I find the corresponding claim mapping?
I know I need to correct the claim mapping, but I don't know how I can find the correct mapping. Can somebody provide a workable claim-mgt.xml based on wso2is4.6 and apache2.0?
Adding more info to Dulanja's answer,
Q1. In WSO2 Identity Server, internally it always uses a claim dialect together with a claim URI to identify a unique claim. Different components use different dialects to get their claims. For example, when adding a new user using the management console, the relevant (user-manager) component would use the WSO2 default claim dialect mentioned above. Similarly, if you are doing SCIM related operations, the relevant components will use the SCIM dialect.
Q2. As mentioned in Q1, makes the unique claim and where we store that claim's value can be configured in two ways.
i. You can use claim-config.xml in /repository/conf/ folder and you can edit claim-to-ldapAttribute mapping by changing <AttributeID> which is given under every element.
ii. Or you can change claim mappings at runtime using the Claim Management page in the management console. Please refer to [1] for more info.
[1] http://docs.wso2.org/display/IS460/Claim+Management
Thanks,
Question 1:
The default claim dialect of WSO2 products is http://wso2.org/claims. This is the underlying dialect of the User Profile view - currently you cannot change this to use a different dialect.
Other dialects are used in different scenarios. As an example, http://schema.openid.net/2007/05/claims is used when IS acts as an OpenID Provider. OpenID relying parties (clients) request attributes using the claim URIs specified under this dialect. Other examples are SAMLSSO and Passive-STS flows. In them you have the option to select the dialect that you want to use to send back the attributes to the client.
Question 2:
Are you facing a claim-mapping related problem with the new ApacheDS 2.0 LDAP? As far as I know, since WSO2 IS embedded LDAP is also based on ApacheDS, if you point (via user-mgt.xml) to such an LDAP the existing claim-mapping should work without any problem.
I'm trying to run a promotion for foursquare venues so when a person checks into their location they are given a unique code to redeem on the venue's website when checking out in their online store. Is this possible? I see all over that you can give out coupons but nowhere can I find in the API that you can run a service to generate a code. I have the service created with PHP already to give codes according to the user's IP.
Anyone know a solution to achieving this?
There's no service built into the API to generate/display a unique code. Generally people with this use case give a URL in the unlock copy for the user to click on which takes them to a site which gives them a code / unique QR code / etc.